Recent articles

People monitor their systems for two main reasons: to keep their system healthy and to understand its performance. Almost everyone does both wrong, for the same reasons: they monitor so they can react to failures, rather than measuring their workload so that they can predict problems.

Data Warehousing (DW) and Business Intelligence (BI) are a pair of concepts almost as old as databases. They spring from the need for enterprises to dig into huge amounts of data to identify business trends over time to anticipate future needs. They are inexorably linked concepts; BI refers to the …

dbbench is a tool I've been working on for a while at MemSQL. It is an open source database workload driver engineers at MemSQL and I use for performance testing. One often-overlooked feature in dbbench is the ability to replay query log files. Previously, this was a somewhat manual process …

In the past few months, I’ve had to debug some gnarly issues related to TCP_KEEPALIVE. Through these issues, I’ve learned that it is harder than one might think to ensure that your sockets fail after a short time when the network is disconnected. This blog post is intended …

During my first week at my new job, I had the opportunity to teach some of my new coworkers about gdb breakpoint commands and conditional breakpoints. I had a lot of fun teaching these techniques my friends here and thought others might find the story enjoyable as well.

tl;dr - fuzzy is a "super secure parsing engine", that includes a histogram function. The histogram ascii text uses a buffer on the stack, but will increment
buckets past the end of the buffer if non ascii text is provided, allowing us to
rop. Binary and exploit available here.
Cross …

The program

Tonight, I sat down and read through every resume in the 2013 SCS senior
resume book. Reading resumes for a company is really interesting, because
I find myself looking at them very differently. As a student, I didn't
really understand what sections of the resume are important. I thought
it …

My coworkers presented a silly programming interview style question to
me the other day: given a list of words, find the largest set of words from
that list that all have the same hash value. Everyone was playing around
with a different language, and someone made the claim that it …

I spent some time this week switching from bash to zsh (I really enjoy
zsh - I treat it as bash with floating point arithmetic and other
niceities)
and making a theme for
oh-my-zsh and prezto
for myself. I'm not quite done, but I am pretty pleased with
the results.

I've been working on writing a memory bandwidth benchmark for a while and needed to use a monotonic timer to compute accurate timings. I have since learned that this is more challenging to do that I initially expected and each platform has a different way of doing it.

Some students had some difficulty profiling their code because omp_get_num_procs was dominating the profiling traces. I tracked it down and found that the profiling tools emitted misleading results when the library didn't have symbols.

Earlier this year, tylerni7 showed us a proof of concept for a 32 bit Go exploit using this issue. geohot and I had a wager over who could get the first remote code execution on play.golang.org: he won, but just barely ;-). Props also to ricky for helping to find the underlying cause/writing the patch. Here is a summary of how we did it.

Pai Mei is an open source windows reverse engineering framework. At one point, it was ported to Mac OSX but the project is not very actively maintained and the current instructions are quite lacking. This post hopes to offer some guidance and reduce some of the frustration involved in installing …

I have spent some time over the past month or so trying to use Go binaries in a secure manner and trying to exploit Go binaries and I thought it would be useful if I talked a little bit about my journey.